CVE-2018-6126

EPSS 7.7%

Vexday Risk Score

23Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 7.7%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado

Lifecycle

27 Jul 2018Public PoC

09 Jan 2019Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Affected products

Google · Chrome

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/45098/unverified exploitdbwww.exploit-db.com/exploits/45098unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2018:1815 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/844457 https://security.gentoo.org/glsa/201810-01 https://www.debian.org/security/2018/dsa-4220 https://www.debian.org/security/2018/dsa-4237 https://www.exploit-db.com/exploits/45098/http://www.securityfocus.com/bid/104309 http://www.securityfocus.com/bid/104411 http://www.securitytracker.com/id/1041014